IPFIX Working Group                                          A. Kobayashi
Internet-Draft                                                        NTT
Intended status: Informational                                  B. Claise
Expires: April 28, 2011                               Cisco Systems, Inc.
                                                                 G. Muenz
                                                              TU Muenchen
                                                             K. Ishibashi
                                                                      NTT
                                                         October 25, 2010

                       IPFIX Mediation: Framework
                 draft-ietf-ipfix-mediators-framework-09

Abstract

   This document describes a framework for IPFIX Mediation.  This
   framework extends the IPFIX reference model by defining the IPFIX
   Mediator components.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference material or
   to cite them other than as "work in progress."

   This Internet-Draft will expire on April 28, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology and Definitions
   3.  IPFIX/PSAMP Documents Overview
     3.1.  IPFIX Documents Overview
     3.2.  PSAMP Documents Overview
   4.  IPFIX Mediation Reference Model
   5.  IPFIX Mediation Functional Blocks
     5.1.  Collecting Process
     5.2.  Exporting Process
     5.3.  Intermediate Process
       5.3.1.  Data Record Expiration
       5.3.2.  Specific Intermediate Processes
   6.  Component Combination
     6.1.  Data-based Collector Selection
     6.2.  Flow Selection and Aggregation
     6.3.  IPFIX File Writer/Reader
   7.  Encoding for IPFIX Message Header
   8.  Information Model
   9.  Security Considerations
     9.1.  Avoiding Security Level Downgrade
     9.2.  Avoiding Security Level Upgrade
     9.3.  Approximating End-to-End Assertions for IPFIX Mediators
     9.4.  Multiple Tenancy
   10. IANA Considerations
   11. References
     11.1. Normative References
     11.2. Informative References
   Appendix A.  Acknowledgements
   Authors' Addresses

1.  Introduction

   The IPFIX architectural components in [RFC5470] consist of IPFIX
   Devices and IPFIX Collectors communicating using the IPFIX protocol.
   Due to the sustained growth of IP traffic in heterogeneous network
   environments, this Exporter-Collector architecture may lead to
   scalability problems.  In addition, it does not provide the
   flexibility required by a wide variety of measurement applications.
   A detailed description of these problems is given in [RFC5982].

   To fulfill application requirements with limited system resources,
   the IPFIX architecture needs to introduce an intermediate entity
   between Exporters and Collectors.  From a data manipulation point of
   view, this intermediate entity may provide the aggregation,
   correlation, filtering, and modification of Flow Records and/or PSAMP
   Packet Reports to save measurement system resources and to perform
   preprocessing tasks for the Collector.
   From a protocol conversion point of view, this intermediate entity
   may provide conversion into IPFIX, or conversion of IPFIX transport
   protocols (e.g., from UDP to SCTP) to improve the export reliability.

   This document introduces a generalized concept for such intermediate
   entities and describes the high-level architecture of IPFIX
   Mediation, key IPFIX Mediation architectural components, and
   characteristics of IPFIX Mediation.

   This document is structured as follows: section 2 describes the
   terminology used in this document, section 3 gives an IPFIX/PSAMP
   document overview, section 4 describes a high-level reference model,
   section 5 describes functional features related to IPFIX Mediation,
   section 6 describes combinations of components along with some
   application examples, section 7 describes consideration points of the
   encoding for IPFIX Message headers, and section 8 describes the
   Information Elements used in an IPFIX Mediator.

2.  Terminology and Definitions

   The IPFIX-specific and PSAMP-specific terminology used in this
   document is defined in [RFC5101] and [RFC5476], respectively.  The
   IPFIX Mediation-specific terminology used in this document is defined
   in [RFC5982].  However, as reading the problem statements document is
   not a prerequisite to reading this framework document, the
   definitions have been reproduced here along with additional
   definitions.  In this document, as in [RFC5101] and [RFC5476], the
   first letter of each IPFIX-specific and PSAMP-specific term is
   capitalized along with the IPFIX Mediation-specific terms defined
   here.  The use of the terms "must", "should", and "may" in this
   document is informational only.

   In this document, we call "record stream" a stream of records
   carrying flow-based or packet-based information.  The records may be
   encoded as IPFIX Data Records or in any other format.
   Transport Session Information

      The Transport Session Information contains information that
      makes it possible to identify an individual Transport Session as
      defined in [RFC5101].  If SCTP is used as transport protocol, the
      Transport Session Information identifies the SCTP association.
      If TCP or UDP is used as transport protocol, the Transport Session
      Information corresponds to the 5-tuple {Exporter IP address,
      Collector IP address, Exporter transport port, Collector transport
      port, transport protocol}.  The Transport Session Information may
      include further details about how TLS [RFC5246] or DTLS [RFC4347]
      is used for encryption and authentication.

   Original Exporter

      An Original Exporter is an IPFIX Device that hosts the Observation
      Points where the metered IP packets are observed.

   IPFIX Mediation

      IPFIX Mediation is the manipulation and conversion of a record
      stream for subsequent export using the IPFIX protocol.

   The following terms are used in this document to describe the
   architectural entities used by IPFIX Mediation.

   Intermediate Process

      An Intermediate Process takes a record stream as its input from
      Collecting Processes, Metering Processes, IPFIX File Readers,
      other Intermediate Processes, or other record sources; performs
      some transformations on this stream, based upon the content of
      each record, states maintained across multiple records, or other
      data sources; and passes the transformed record stream as its
      output to Exporting Processes, IPFIX File Writers, or other
      Intermediate Processes, in order to perform IPFIX Mediation.
      Typically, an Intermediate Process is hosted by an IPFIX Mediator.
      Alternatively, an Intermediate Process may be hosted by an
      Original Exporter.

   Specific Intermediate Processes are described below.  However, this
   is not an exhaustive list.
   Intermediate Conversion Process

      An Intermediate Conversion Process is an Intermediate Process that
      transforms non-IPFIX into IPFIX, or manages the relation among
      Templates and states of incoming/outgoing transport sessions in
      the case of transport protocol conversion (e.g., from UDP to
      SCTP).

   Intermediate Aggregation Process

      An Intermediate Aggregation Process is an Intermediate Process
      that aggregates records based upon a set of Flow Keys or functions
      applied to fields from the record (e.g., data binning and subnet
      aggregation).

   Intermediate Correlation Process

      An Intermediate Correlation Process is an Intermediate Process
      that adds information to records, noting correlations among them,
      or generates new records with correlated data from multiple
      records (e.g., the production of bidirectional flow records from
      unidirectional flow records).

   Intermediate Selection Process

      An Intermediate Selection Process is an Intermediate Process that
      selects records from a sequence based upon criteria evaluated
      against record values and passes only those records that match
      the criteria (e.g., filtering only records from a given network to
      a given Collector).

   Intermediate Anonymization Process

      An Intermediate Anonymization Process is an Intermediate Process
      that transforms records in order to anonymize them, to protect the
      identity of the entities described by the records (e.g., by
      applying prefix-preserving pseudonymization of IP addresses).

   IPFIX Mediator

      An IPFIX Mediator is an IPFIX Device that provides IPFIX Mediation
      by receiving a record stream from some data sources, hosting one
      or more Intermediate Processes to transform that stream, and
      exporting the transformed record stream into IPFIX Messages via an
      Exporting Process.
      In the common case, an IPFIX Mediator receives a record stream
      from a Collecting Process, but it could also receive a record
      stream from data sources not encoded using IPFIX, e.g., in the
      case of conversion from the NetFlow V9 protocol [RFC3954] to the
      IPFIX protocol.

   Note that the IPFIX Mediator is a generalization of the concentrator
   and proxy elements envisioned in the IPFIX requirements [RFC3917].
   IPFIX Mediators running appropriate Intermediate Processes provide
   the functionality specified therein.

3.  IPFIX/PSAMP Documents Overview

   IPFIX Mediation can be applied to flow-based or packet-based
   information.  The flow-based information is encoded as IPFIX Flow
   Records by the IPFIX protocol, and the packet-based information is
   extracted by some packet selection techniques and then encoded as
   PSAMP Packet Reports by the PSAMP protocol.  Thus, this section
   describes relevant documents for both protocols.

3.1.  IPFIX Documents Overview

   The IPFIX protocol [RFC5101] provides network administrators with
   access to IP Flow information.  The architecture for the export of
   measured IP Flow information from an IPFIX Exporting Process to a
   Collecting Process is defined in [RFC5470], per the requirements
   defined in [RFC3917].  The IPFIX protocol [RFC5101] specifies how
   IPFIX Data Records and Templates are carried via a number of
   transport protocols from IPFIX Exporting Processes to IPFIX
   Collecting Processes.  IPFIX has a formal description of IPFIX
   Information Elements, their names, types, and additional semantic
   information, as specified in [RFC5102].  The IPFIX Management
   Information Base is defined in [RFC5815].  Finally, [RFC5472]
   describes what types of applications can use the IPFIX protocol and
   how they can use the information provided.  It furthermore shows how
   the IPFIX framework relates to other architectures and frameworks.
   The storage of IPFIX Messages in a file is specified in [RFC5655].

3.2.  PSAMP Documents Overview

   The framework for packet selection and reporting [RFC5474] enables
   network elements to select subsets of packets by statistical and
   other methods and to export a stream of reports on the selected
   packets to a Collector.  The set of packet selection techniques
   (Sampling and Filtering) standardized by PSAMP is described in
   [RFC5475].  The PSAMP protocol [RFC5476] specifies the export of
   packet information from a PSAMP Exporting Process to a Collector.
   Like IPFIX, PSAMP has a formal description of its Information
   Elements, their names, types, and additional semantic information.
   The PSAMP information model is defined in [RFC5477].  The PSAMP
   Management Information Base is described in [PSAMP-MIB].

4.  IPFIX Mediation Reference Model

   Figure A shows the high-level IPFIX Mediation reference model as an
   extension of the IPFIX reference model presented in [RFC5470].  This
   figure covers the various possible scenarios that can exist in an
   IPFIX measurement system.

   [Figure A (ASCII diagram) is not reproduced here.  It shows, from top
   to bottom: Collector 1, Collector 2, ... Collector N, each hosting
   Collecting Process(es); IPFIX Mediator 3 ... IPFIX Mediator N, each
   hosting Exporting Process(es), Intermediate Process(es), and
   Collecting Process(es) and sending Flow Records up to the Collectors;
   and a bottom row of IPFIX Mediator 1 ... N, IPFIX Original Exporter
   1 ... N, PSAMP Original Exporter 1 ... N (each Original Exporter with
   Exporting Process(es), Metering Process(es), and Observation
   Point(s)), and Other Source 1 ... N, which feed Flow Records, Flow
   Records, Packet Reports, and a record stream, respectively, into the
   upper IPFIX Mediators.  Packets come into the Observation Points of
   the Original Exporters; Flow Records come into IPFIX Mediator 1 ... N
   from below.]

             Figure A: IPFIX Mediation Reference Model Overview.

   The functional components within each entity are indicated within
   brackets [].  An IPFIX Mediator receives IPFIX Flow Records or PSAMP
   Packet Reports from other IPFIX Mediators, IPFIX Flow Records from
   IPFIX Original Exporters, PSAMP Packet Reports from PSAMP Original
   Exporters, and/or a record stream from other sources.  The IPFIX
   Mediator then exports IPFIX Flow Records and/or PSAMP Packet Reports
   to one or multiple Collectors and/or other IPFIX Mediators.

   Figure B shows the basic IPFIX Mediator component model.  An IPFIX
   Mediator contains one or more Intermediate Processes and one or more
   Exporting Processes.  Typically, it also contains a Collecting
   Process, as described in Figure B below.
   [Figure B (ASCII diagram) is not reproduced here.  It shows an IPFIX
   Mediator box containing, from bottom to top, Collecting Process(es),
   Intermediate Process(es), and Exporting Process(es); IPFIX Data
   Records enter the Collecting Process(es) from below and leave the
   Exporting Process(es) at the top.]

                Figure B: Basic IPFIX Mediator Component Model.

   However, other data sources are also possible: an IPFIX Mediator can
   receive a record stream from non-IPFIX protocols such as NetFlow
   [RFC3954] exporter(s).  This document does not make any particular
   assumption on how a record stream is transferred to an IPFIX
   Mediator.  Figure C below shows the IPFIX Mediator component model in
   the case of IPFIX protocol conversion from non-IPFIX exporters.

   [Figure C (ASCII diagram) is not reproduced here.  It shows a
   Non-IPFIX exporter box, receiving packets coming into observation
   points, that sends a record stream up into an IPFIX Mediator box
   containing Intermediate Process(es) and Exporting Process(es); IPFIX
   Data Records leave the Exporting Process(es) at the top.]

      Figure C: IPFIX Mediator Component Model in IPFIX Protocol
                                Conversion.

   Alternatively, an Original Exporter may provide IPFIX Mediation by
   hosting one or more Intermediate Processes.  The component model in
   Figure D adds Intermediate Process(es) to the IPFIX Device model
   illustrated in [RFC5470].  In comparison with Figure 1 or 2 in
   [RFC5470], the Intermediate Process is located between the IPFIX
   Metering Process(es) or PSAMP Metering Process(es) and the Exporting
   Process(es).

   [Figure D (ASCII diagram) is not reproduced here.  It shows an
   Original Exporter box containing, from bottom to top, Observation
   Point 1 ... Observation Point N, Metering Process 1 ... Metering
   Process N, Intermediate Process(es), and Exporting Process(es).
   Packets come into the Observation Points; Data Records flow from the
   Metering Processes to the Intermediate Process(es); IPFIX Data
   Records leave the Exporting Process(es) at the top.]

      Figure D: IPFIX Mediation Component Model at Original Exporter.

   In addition, an Intermediate Process may be collocated with an IPFIX
   File Reader and/or Writer.  Figure E shows an IPFIX Mediation
   component model with an IPFIX File Writer and/or Reader.

   [Figure E (ASCII diagram) is not reproduced here.  It shows, from
   bottom to top, an IPFIX File Reader, Intermediate Process(es), and an
   IPFIX File Writer; IPFIX Data Records enter the IPFIX File Reader
   from below and leave the IPFIX File Writer at the top.]

   Figure E: IPFIX Mediation Component Model collocated with IPFIX File
                               Writer/Reader.

5.  IPFIX Mediation Functional Blocks

   Figure F shows an example functional block diagram of an IPFIX
   Mediator hosting different Intermediate Process types.

   [Figure F (ASCII diagram) is not reproduced here.  It shows four
   layers of functional blocks connected by Flow Records / Packet
   Reports.  Bottom layer: Collecting Process 1, Collecting Process 2,
   ... Collecting Process N (each receiving Flow Records) and an IPFIX
   File Reader.  Second layer: Intermediate Selection Process 1, 2, 3,
   and 4.  Third layer: an Intermediate Anonymization Process, an
   Intermediate Correlation Process, an Intermediate Aggregation
   Process, and an Intermediate Selection Process.  Top layer: an IPFIX
   File Writer and Exporting Process 1, Exporting Process 2, ...
   Exporting Process N, each exporting IPFIX.]

              Figure F: IPFIX Mediation Functional Block Diagram.

5.1.  Collecting Process

   A Collecting Process in an IPFIX Mediator is not different from the
   Collecting Process described in [RFC5101].  Additional functions in
   an IPFIX Mediator include transmitting the set of Data Records and
   Control Information to one or more components, i.e., Intermediate
   Processes and other applications.  In other words, a Collecting
   Process may duplicate the set and transmit it to one or more
   components in sequence or in parallel.  In the case of an IPFIX
   Mediator, the Control Information described in [RFC5470] includes
   IPFIX Message header information and Transport Session Information
   along with information about the Metering Process and the Exporting
   Process in an Original Exporter, e.g., Sampling parameters.

5.2.  Exporting Process

   An Exporting Process in an IPFIX Mediator is not different from the
   Exporting Process described in [RFC5101].  Additional functions in an
   IPFIX Mediator may include the following.

   o  Receiving the trigger to transmit Template Withdrawal Messages
      from Intermediate Process(es) when relevant Templates become
      invalid due to, for example, incoming session failure.

   o  Transmitting the origin (e.g., Observation Point, Observation
      Domain ID, Original Exporter IP address, etc.) of the data in
      additional Data Record fields or additional Data Records.  The
      parameters that represent the origin should be configurable.

5.3.  Intermediate Process

   An Intermediate Process is a key functional block for IPFIX
   Mediation.  Its typical functions include the following:

   o  Generating a new record stream from an input record stream,
      including context information (e.g., Observation Domain ID and
      Transport Session Information), and transmitting it to other
      components.

   o  Reporting statistics and interpretations for IPFIX Metering
      Processes, PSAMP Metering Processes, and Exporting Processes from
      an Original Exporter.  See section 4 of [RFC5101] and section 6 of
      [RFC5476] for relevant statistics data structures and
      interpretations, respectively.  Activation of this function should
      be configurable.

   o  Maintaining the configurable relation between Collecting
      Process(es)/Metering Process(es) and Exporting Process(es)/other
      Intermediate Process(es).

   o  Maintaining database(s) of Data Records in the case of an
      Intermediate Aggregation Process and an Intermediate Correlation
      Process.  The function has the Data Record expiration rules
      described in the next subsection.

   o  Maintaining statistics on the Intermediate Process itself, such as
      the number of input/output Data Records, etc.
   o  Maintaining additional information about output record streams,
      which includes information related to the Original Exporters,
      Observation Domain, and administrative domain as well as some
      configuration parameters related to each function.

   In the case of an Intermediate Aggregation Process, Intermediate
   Anonymization Process, and Intermediate Correlation Process, the
   value of the "flowKeyIndicator" needs to be modified when modifying
   the data structure defined by an original Template.

5.3.1.  Data Record Expiration

   An Intermediate Aggregation Process and Intermediate Correlation
   Process need to have expiration conditions to export cached Data
   Records.  In the case of the Metering Process in an Original
   Exporter, these conditions are described in [RFC5470].  In the case
   of the Intermediate Process, these conditions are as follows:

   o  If there are no input Data Records belonging to a cached Flow for
      a certain time period, aggregated Flow Records will expire.  This
      time period should be configurable at the Intermediate Process.

   o  If the Intermediate Process experiences resource constraints,
      aggregated Flow Records may prematurely expire (e.g., lack of
      memory to store Flow Records).

   o  For long-running Flows, the Intermediate Process should cause the
      Flow to expire on a regular basis or on the basis of an expiration
      policy.  This periodicity or expiration policy should be
      configurable at the Intermediate Process.

   In the case of an Intermediate Correlation Process, a cached Data
   Record may be prematurely expired (and discarded) when no correlation
   can be computed with newly received Data Records.  For example, an
   Intermediate Correlation Process computing one-way delay may discard
   the cached Packet Report when no other matching Packet Reports are
   observed within a certain time period.

5.3.2.  Specific Intermediate Processes

   This section describes the functional blocks of specific Intermediate
   Processes.

5.3.2.1.  Intermediate Conversion Process

   When receiving a non-IPFIX record stream, the Intermediate Conversion
   Process covers the following functions:

   o  Determining the IPFIX Information Element identifiers which
      correspond to the fields of the non-IPFIX records (e.g.,
      converting the NetFlow V9 protocol [RFC3954] to the IPFIX
      Information Model [RFC5102]).

   o  Transforming the non-IPFIX records into Data Records, (Options)
      Template Records, and/or Data Records defined by Options
      Templates.

   o  Converting additional information (e.g., sampling rate, sampling
      algorithm, and observation information) into appropriate fields in
      the existing Data Records or into Data Records defined by new
      Options Templates.

   IPFIX transport protocol conversion can be used to enhance the export
   reliability, for example for data retention and accounting.  In this
   case, the Intermediate Conversion Process covers the following
   functions:

   o  Relaying Data Records, (Options) Template Records, and Data
      Records defined by Options Templates.

   o  Setting the trigger for the Exporting Process in order to export
      IPFIX Template Withdrawal Messages relevant to the Templates when
      Templates become invalid due to, for example, incoming session
      failure.  This case applies to SCTP and TCP Transport Sessions on
      the outgoing side only.

   o  Maintaining the mapping information about Transport Sessions,
      Observation Domain IDs, and Template IDs on the incoming and
      outgoing sides in order to ensure the consistency of scope field
      values of incoming and outgoing Data Records defined by Options
      Templates, and of Template IDs of incoming and outgoing IPFIX
      Template Withdrawal Messages.

5.3.2.2.  Intermediate Selection Process

   An Intermediate Selection Process has analogous functions to the
   PSAMP Selection Process described in [RFC5475].  The difference is
   that the Intermediate Selection Process takes a record stream, e.g.,
   Flow Records or Packet Reports, instead of observed packets as its
   input.

   The typical function is property match filtering that retrieves a
   record stream of interest.  The function selects a Data Record if the
   value of a specific field in the Data Record equals a configured
   value or falls within a configured range.

5.3.2.3.  Intermediate Aggregation Process

   An Intermediate Aggregation Process covers the following functions:

   o  Merging a set of Data Records within a certain time period into
      one Flow Record by summing up the counters where appropriate.

   o  Maintaining statistics and additional information about aggregated
      Flow Records.

      The statistics for an aggregated Flow Record may include the
      number of original Data Records and the maximum and minimum values
      of per-flow counters.  Additional information may include an
      aggregation time period, a new set of Flow Keys, and observation
      location information involved in the Flow aggregation.
      Observation location information can be tuples of (Observation
      Point, Observation Domain ID, Original Exporter IP address) or
      another identifier indicating the location where the measured
      traffic has been observed.

   o  Aggregation of Data Records, which can be done in the following
      ways:

      *  Spatial composition

         With spatial composition, Data Records sharing common
         properties are merged into one Flow Record within a certain
         time period.  One typical aggregation can be based on a new set
         of Flow Keys.  Generally, a smaller set of common properties
         than an original set of Flow Keys results in a higher level of
         aggregation.
Another aggregation can be based on a set of 680 Observation Points within an Observation Domain, on a set of 681 Observation Domains within an Exporter, or on a set of 682 Exporters. 684 If some fields do not serve as Flow Keys or per-Flow counters, 685 and their values may change from Data Records to Data Records 686 within an aggregated Flow Record, the Intermediate Aggregation 687 Process determines their values by the first Data Record 688 received, a specific Exporter IP address, or other appropriate 689 decisions. 691 Furthermore, a new identifier indicating a group of observation 692 locations can be introduced, for example, to indicate PoP 693 (Points of Presence) in a large network, or a logical interface 694 composed of physical interfaces with link aggregation. 696 * Temporal composition 698 With temporal composition, multiple consecutive Flow Records 699 with identical Flow Key values are merged into a single Flow 700 Record of longer Flow duration if they arrive within a certain 701 time interval. The main difference to spatial composition is 702 that Flow Records are only merged if they originate from the 703 same Observation Point and if the Flow Key values are 704 identical. For example, multiple Flow Records with a Flow 705 duration of less than one minute can be merged into a single 706 Flow Record with more than ten minutes Flow duration. 708 In addition, the Intermediate Aggregation Process with temporal 709 composition produces aggregated counters while reducing the 710 number of Flow Records on a Collector. Some specific non-key 711 fields, such as the minimumIpTotalLength/maximumIpTotalLength 712 or minimumTTL/maximumTTL, will contain the minimum and maximum 713 values for the new aggregated Flow. 715 Spatial and temporal composition can be combined in a single 716 Intermediate Aggregation Process. 
The Intermediate Aggregation 717 Process can be combined with the Intermediate Selection Process in 718 order to aggregate only a subset of the original Flow Records, for 719 example Flow Records with small numbers of packets as described in 720 section 6.2. 722 5.3.2.4. Intermediate Anonymization Process 724 An Intermediate Anonymization Process covers the following typical 725 functions. 727 o Deleting specified fields 729 The function deletes existing fields in accordance with some 730 instruction rules. Examples include hiding network topology 731 information and private information. In the case of feeding Data 732 Records to end customers, disclosing vulnerabilities is avoided by 733 deleting fields, e.g., "ipNextHopIP{v4|v6}Address", 734 "bgpNextHopIP{v4|v6}Address", "bgp{Next|Prev}AdjacentAsNumber", 735 and "mplsLabelStackSection", described in [RFC5102]. 737 o Anonymizing values of specified fields 739 The function modifies the values of specified fields. Examples 740 include anonymizing customers' private information, such as IP 741 address and port number, in accordance with a privacy protection 742 policy. The Intermediate Anonymization Process may also report 743 anonymized fields and the anonymization method as additional 744 information. 746 5.3.2.5. Intermediate Correlation Process 748 An Intermediate Correlation Process can be viewed as a special case 749 of the Intermediate Aggregation Process, covering the following 750 typical functions: 752 o Producing new information including metrics, counters, attributes, 753 or packet property parameters by evaluating the correlation among 754 sets of Data Records or among Data Records and other meta data 755 after gathering sets of Data Records within a certain time period. 757 o Adding new fields into a Data Record or creating a new Data 758 Record. 760 A correlation of Data Records can be done in the following ways, 761 which can be implemented individually or in combinations. 
763 o One-to-one correlation between Data Records, with the following 764 examples: 766 * One-way delay, Packet delay variation in [RFC5481] 767 The metrics come from the correlation of the timestamp value on 768 a pair of Packet Reports indicating an identical packet at 769 different Observation Points in the network. 771 * Packet inter-arrival time or jitter 772 The metrics come from the correlation of the timestamp value on 773 consecutive Packet Reports from a single Exporter. 775 * Rate-limiting ratio, compression ratio, optimization ratio, 776 etc. 777 The data values come from the correlation of Data Records 778 indicating an identical Flow observed on the incoming/outgoing 779 points of a WAN interface. 781 o Correlation amongst Data Records, with the following examples: 783 * Bidirectional Flow composition 784 The method of exporting and representing a Bidirectional Flow 785 (Biflow) is described in [RFC5103]. The Bidirectional Flow 786 composition is a special case of Flow Key aggregation. The 787 Flow Records are merged into one Flow Record as Biflow, if Non- 788 directional Key Fields match and the Directional Key Fields 789 match their reverse direction counterparts. The direction 790 assignment method to assign the Biflow Source and Destination 791 as additional information may be reported. In the case of an 792 Intermediate Aggregation Process, the direction may be assigned 793 arbitrarily (see [RFC5103], section 5.3). 795 * Average/maximum/minimum for packets, bytes, one-way delay, 796 packet loss, etc. 797 The data values come from the correlation of multiple Data 798 Records gathered in a certain time interval. 800 o Correlation between Data Record and other meta data 802 Typical examples are derived packet property parameters described 803 in [RFC5102]. 
The parameters are retrieved based on the value of 804 the specified field in an input Data Record, compensating for 805 traditional exporting devices or probes that are unable to add 806 packet property parameters. Typical derived packet property 807 parameters are as follows: 809 * "bgpNextHop{IPv4|IPv6}Address" described in [RFC5102], which 810 indicates the egress router of a network domain. It is useful 811 for making a traffic matrix that covers the whole network 812 domain. 814 * BGP communitiy attributes 815 This attribute indicates tagging for routes of geographical and 816 topological information and source types (e.g., transit, peer, 817 or customer) as described in [RFC4384]. Therefore, network 818 administrators can monitor the geographically-based or source 819 type-based traffic volume by correlating the attribute. 821 * "mplsVpnRouteDistinguisher" described in [RFC5102] 822 This value indicates the VPN customer's identification, which 823 cannot be extracted from the core router in MPLS networks. 824 Thanks to this correlation, network administrators can monitor 825 the customer-based traffic volume even on core routers. 827 6. Component Combination 829 An IPFIX Mediator may be able to simultaneously support more than one 830 Intermediate Process. Multiple Intermediate Processes generally are 831 configured in the following ways. 833 o Parallel Intermediate Processes 835 A record stream is processed by multiple Intermediate Processes in 836 parallel to fulfill the requirements of different applications. 837 In this setup, every Intermediate Process receives a copy of the 838 entire record stream as its input. 840 o Serial Intermediate Processes 842 To execute flexible manipulation of a record stream, the 843 Intermediate Processes are connected serially. In that case, an 844 output record stream from one Intermediate Process forms an input 845 record stream for a succeeding Intermediate Process. 
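   The Intermediate Selection Process (5.3.2.2) and the spatial and
   temporal composition of the Intermediate Aggregation Process
   (5.3.2.3), wired together in the parallel and serial arrangements
   described above (the Data-based Collector Selection of section 6.1
   and the Flow Selection and Aggregation of section 6.2), as an added
   Python example that is not part of this draft.  It assumes Data
   Records modelled as dicts keyed by RFC 5102 Information Element
   names; the sample record values and the "originalRecordCount"
   statistic name are constructed for the example.

```python
IE_NAMES = ("sourceIPv4Address", "destinationIPv4Address", "protocolIdentifier",
            "sourceTransportPort", "destinationTransportPort", "packetDeltaCount",
            "octetDeltaCount", "flowStartMilliseconds", "flowEndMilliseconds",
            "minimumIpTotalLength", "maximumIpTotalLength", "observationPointId",
            "bgpNextAdjacentAsNumber")
FIVE_TUPLE = IE_NAMES[:5]          # the usual Flow Keys
COUNTERS = ("packetDeltaCount", "octetDeltaCount")

def rec(*values):
    """Build one Data Record (dict of IE name -> value) in IE_NAMES order."""
    return dict(zip(IE_NAMES, values))

# Constructed sample record stream, as handed over by a Collecting Process.
RECORDS = [
    rec("10.0.0.1", "192.0.2.10", 6, 40001, 443, 3, 300, 1000, 1500, 60, 120, 1, 10),
    rec("10.0.0.2", "192.0.2.10", 6, 40002, 443, 2, 160, 1200, 1400, 40, 120, 1, 10),
    rec("10.0.0.1", "192.0.2.10", 6, 40001, 443, 50, 60000, 1600, 1900, 60, 1500, 1, 10),
    rec("10.0.0.3", "198.51.100.7", 17, 5000, 53, 1, 80, 1300, 1300, 80, 80, 2, 20),
    rec("10.0.0.1", "192.0.2.10", 6, 40001, 443, 40, 48000, 1950, 2300, 60, 1500, 1, 10),
]

class PropertyMatch:
    """Intermediate Selection Process (5.3.2.2): a Data Record is selected if
    `field` equals `value` or lies in the inclusive range [lo, hi]."""

    def __init__(self, field, value=None, lo=None, hi=None):
        self.field, self.value, self.lo, self.hi = field, value, lo, hi

    def matches(self, record):
        v = record.get(self.field)
        if v is None:                      # field absent: never selected
            return False
        if self.value is not None:
            return v == self.value
        return (self.lo is None or v >= self.lo) and (self.hi is None or v <= self.hi)

    def __call__(self, records):
        return [r for r in records if self.matches(r)]

def merge_into(agg, record):
    """Fold `record` into the aggregated Flow Record `agg`: sum the counters,
    keep extreme IP total lengths, widen the start/end span, count originals.
    Other non-key fields keep the first record's value, as the draft allows."""
    for c in COUNTERS:
        agg[c] += record[c]
    agg["minimumIpTotalLength"] = min(agg["minimumIpTotalLength"], record["minimumIpTotalLength"])
    agg["maximumIpTotalLength"] = max(agg["maximumIpTotalLength"], record["maximumIpTotalLength"])
    agg["flowStartMilliseconds"] = min(agg["flowStartMilliseconds"], record["flowStartMilliseconds"])
    agg["flowEndMilliseconds"] = max(agg["flowEndMilliseconds"], record["flowEndMilliseconds"])
    agg["originalRecordCount"] += 1        # illustrative statistic, not an RFC 5102 IE

def spatial_compose(records, flow_keys, period_ms):
    """Spatial composition (5.3.2.3): records sharing the new Flow Key values
    and starting in the same aggregation period become one Flow Record."""
    buckets = {}
    for r in records:
        bucket = (tuple(r[k] for k in flow_keys), r["flowStartMilliseconds"] // period_ms)
        if bucket in buckets:
            merge_into(buckets[bucket], r)
        else:
            buckets[bucket] = {**r, "originalRecordCount": 1}
    return list(buckets.values())

def temporal_compose(records, flow_keys, max_gap_ms):
    """Temporal composition (5.3.2.3): consecutive Flow Records from the same
    Observation Point with identical Flow Keys are merged when the next starts
    no more than max_gap_ms after the previous ended."""
    out, open_flows = [], {}
    for r in sorted(records, key=lambda x: x["flowStartMilliseconds"]):
        key = (r["observationPointId"],) + tuple(r[k] for k in flow_keys)
        prev = open_flows.get(key)
        if prev is not None and r["flowStartMilliseconds"] - prev["flowEndMilliseconds"] <= max_gap_ms:
            merge_into(prev, r)
        else:
            open_flows[key] = {**r, "originalRecordCount": 1}
            out.append(open_flows[key])
    return out

def collector_selection(records, peering_as_to_collector):
    """Parallel combination (6.1): each Intermediate Selection Process sees a
    copy of the whole stream and feeds its own Exporting Process/Collector."""
    return {collector: PropertyMatch("bgpNextAdjacentAsNumber", value=asn)(records)
            for asn, collector in peering_as_to_collector.items()}

def flow_selection_and_aggregation(records, period_ms=60000):
    """Serial combination (6.2): Flows with packetDeltaCount <= 5 are spatially
    composed onto coarser Flow Keys (destination address and port); the rest
    go straight to the Exporting Process unchanged."""
    small = PropertyMatch("packetDeltaCount", hi=5)(records)
    large = PropertyMatch("packetDeltaCount", lo=6)(records)   # "> 5" for integer counters
    coarse_keys = ("destinationIPv4Address", "destinationTransportPort")
    return spatial_compose(small, coarse_keys, period_ms) + large
```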
   In addition to the combination of Intermediate Processes, the
   combination of some components (Exporting Process, Collecting
   Process, IPFIX File Writer and Reader) can be applied to provide
   various data reduction techniques.  This section shows some
   combinations along with examples.

6.1.  Data-based Collector Selection

   The combination of one or more Intermediate Selection Processes and
   Exporting Processes can determine to which Collector input Data
   Records are exported.  Applicable examples include exporting Data
   Records to a dedicated Collector on the basis of a customer or an
   organization.  For example, an Intermediate Selection Process selects
   Data Records from a record stream on the basis of the peering
   autonomous system number, and an Exporting Process sends them to a
   dedicated Collector, as shown in Figure G.

              .----------------------.   .------------.
              | Intermediate         |   | Exporting  |
              | Selection Process 1  |   | Process 1  |
           +--+--- Peering AS #10 ---+-->|            +--> Collector 1
           |  '----------------------'   '------------'
           |  .----------------------.   .------------.
   record  |  | Intermediate         |   | Exporting  |
   stream  |  | Selection Process 2  |   | Process 2  |
   --------+--+--- Peering AS #20 ---+-->|            +--> Collector 2
           |  '----------------------'   '------------'
           |  .----------------------.   .------------.
           |  | Intermediate         |   | Exporting  |
           |  | Selection Process 3  |   | Process 3  |
           +--+--- Peering AS #30 ---+-->|            +--> Collector 3
              '----------------------'   '------------'

                 Figure G: Data-based Collector Selection.

6.2.  Flow Selection and Aggregation

   The combination of one or more Intermediate Selection Processes and
   Intermediate Aggregation Processes can efficiently reduce the amount
   of Flow Records.  The combination structure is similar to the concept
   of the Composite Selector described in [RFC5474].  For example, an
   Intermediate Selection Process selects Flows consisting of a small
   number of packets and then transmits them to an Intermediate
   Aggregation Process.  Another Intermediate Selection Process selects
   the other Flow Records and then transmits them to an Exporting
   Process, as shown in Figure H.  This results in aggregation on the
   basis of the distribution of the number of packets per Flow.

           .------------------.  .--------------.  .------------.
           | Intermediate     |  | Intermediate |  | Exporting  |
           | Selection        |  | Aggregation  |  | Process    |
           | Process 1        |  | Process      |  |            |
         +-+ packetDeltaCount +->|              +->|            |
         | |   <= 5            |  |              |  |            |
   record| '------------------'  '--------------'  |            |
   stream| .------------------.                    |            |
   ------+ | Intermediate     |                    |            |
         | | Selection        |                    |            |
         | | Process 2        |                    |            |
         +-+ packetDeltaCount +------------------->|            |
           |   > 5             |                    |            |
           '------------------'                    '------------'

              Figure H: Flow Selection and Aggregation Example.

6.3.  IPFIX File Writer/Reader

   An IPFIX File Writer [RFC5655] stores Data Records in a file system.
   When Data Records include problematic Information Elements, an
   Intermediate Anonymization Process can delete these fields before the
   IPFIX File Writer handles them, as shown in Figure I.

         .---------------.  .---------------.  .-------------.
         | Collecting    |  | Intermediate  |  | IPFIX       |
   IPFIX | Process       |  | Anonymization |  | File        |
   ----->|               +->| Process       +->| Writer      |
         '---------------'  '---------------'  '-------------'

         Figure I: IPFIX Mediation Example with IPFIX File Writer.

   In contrast, an IPFIX File Reader [RFC5655] retrieves stored Data
   Records when administrators want to retrieve past Data Records from a
   given time period.  If the data structure of the Data Records from
   the IPFIX File Reader is different from what administrators want, an
   Intermediate Anonymization Process and an Intermediate Correlation
   Process can modify the data structure, as shown in Figure J.

   .-------------.  .---------------.  .---------------.  .-----------.
   | IPFIX       |  | Intermediate  |  | Intermediate  |  | Exporting |
   | File        |  | Anonymization |  | Correlation   |  | Process   |
   | Reader      +->| Process       +->| Process       +->|           |
   '-------------'  '---------------'  '---------------'  '-----------'

         Figure J: IPFIX Mediation Example with IPFIX File Reader.

   In the case where distributed IPFIX Mediators enable on-demand export
   of Data Records which have been previously stored by a File Writer, a
   collecting infrastructure with huge storage capacity for data
   retention can be set up.

7.  Encoding for IPFIX Message Header

   The IPFIX Message Header [RFC5101] includes Export Time, Sequence
   Number, and Observation Domain ID fields.  This section describes
   some consideration points for the IPFIX Message Header encoding in
   the context of IPFIX Mediation.

   Export Time

      An IPFIX Mediator can set the Export Time in two ways.

      *  Case 1: keeping the field value of incoming Transport Sessions

      *  Case 2: setting the time at which an IPFIX Message leaves the
         IPFIX Mediator

      Case 1 can be applied to the case where an IPFIX Mediator operates
      as a proxy at the IPFIX Message level rather than the Data Record
      level.  In case 2, the IPFIX Mediator needs to handle any delta
      timestamp fields described in [RFC5102], such as
      "flowStartDeltaMicroseconds" and "flowEndDeltaMicroseconds".

   Sequence Number

      In the case where an IPFIX Mediator relays IPFIX Messages from one
      Transport Session to another Transport Session, the IPFIX Mediator
      needs to handle the Sequence Number properly.  In particular, the
      Sequence Number in the outgoing session is not allowed to be
      re-initialized, even when the incoming session shuts down and
      restarts.

   Observation Domain ID

      According to [RFC5101], the Observation Domain ID in the IPFIX
      Message Header is locally unique per Exporting Process.  In
      contrast to the Observation Domain ID used by an Original
      Exporter, the Observation Domain ID used by an IPFIX Mediator does
      not necessarily represent a set of Observation Points located at
      the IPFIX Mediator itself.

      An IPFIX Mediator may act as a proxy by relaying entire IPFIX
      Messages.  In this case, it may report information about the
      Original Exporters by using the Observation Domain ID of the
      outgoing Messages as the scope field in an Options Template
      Record.

      Otherwise, the IPFIX Mediator should have a function to export the
      observation location information regarding the Original Exporter.
      The information contains the IP addresses and Observation Domain
      IDs used by the Original Exporters, and some information about the
      Transport Session, for example the source port number, so that
      different Exporting Processes on the same Original Exporter can be
      identified.  As far as the privacy policy permits, an IPFIX
      Mediator reports this information to an IPFIX Collector.

      If information about a set of Original Exporters needs to be
      reported, it can be useful to export it as Common Properties as
      specified in [RFC5473].  The commonPropertiesID may then serve as
      a scope for the set of Original Exporters.  The Common Properties
      Withdrawal Message [RFC5473] can be used to indicate that an
      incoming Transport Session from one of the Original Exporters was
      closed.

8.  Information Model

   IPFIX Mediation reuses the general information models from [RFC5102]
   and [RFC5477].  However, several Intermediate Processes would
   potentially require additional Information Elements as follows:

   o  Original Exporter IP address, Observation Domain ID, and source
      port number of the Transport Session at the Original Exporter, in
      the case where an IPFIX Mediator reports original observation
      location information as described in section 7.  The Information
      Elements contained in the Export Session Details Options Template
      in [RFC5655] may be utilized for this purpose.

   o  Report on the applied IPFIX Mediation functions as described in
      section 6.7 of [RFC5982].

   o  Certificate of an Original Exporter as described in section 9.
      The Information Element exporterCertificate in [RFC5655] may be
      utilized for this purpose.

9.  Security Considerations

   As they act as both IPFIX Collecting Processes and Exporting
   Processes, the Security Considerations for IPFIX [RFC5101] apply to
   Mediators as well.  The Security Considerations for IPFIX Files
   [RFC5655] also apply to IPFIX Mediators that write IPFIX Files or
   use them for internal storage.  In addition, there are a few specific
   considerations that IPFIX Mediator implementations must take into
   account.

   By design, IPFIX Mediators are "men-in-the-middle": they intercede in
   the communication between an Original Exporter (or another upstream
   Mediator) and a downstream Collecting Process.  TLS provides no way
   to connect the session between the Mediator and the Original Exporter
   to the session between the Mediator and the downstream Collecting
   Process; indeed, this is by design.  This has important implications
   for the level of confidentiality provided across an IPFIX Mediator,
   and for the ability to protect data integrity and Original Exporter
   authenticity across a Mediator.  In general, a Mediator should
   maintain the same level of integrity and confidentiality protection
   on both sides of the mediation operation, except in situations where
   the Mediator is explicitly deployed as a gateway between trusted and
   untrusted networks.

   The subsequent subsections deal with specific security issues raised
   by IPFIX Mediation.

9.1.  Avoiding Security Level Downgrade

   An IPFIX Mediator that accepts IPFIX Messages over a Transport
   Session protected by TLS [RFC5246] or DTLS [RFC4347], and which then
   exports IPFIX Messages derived therefrom in cleartext, is a
   potentially serious vulnerability in an IPFIX infrastructure.  The
   concern here is that confidentiality protection may be lost across a
   Mediator.

   Therefore, an IPFIX Mediator that receives IPFIX Messages from an
   upstream Exporting Process protected using TLS or DTLS must provide
   for sending the IPFIX Messages resulting from the operation of the
   Intermediate Process(es) to a downstream Collecting Process using TLS
   or DTLS by default.  It may be configurable to export records derived
   from protected records in cleartext, but only when application
   requirements allow.

   There are two common use cases for this.  First, a Mediator
   performing a transformation that leads to a reduction in the required
   level of security (e.g., by removing all information requiring
   confidentiality from the output records) may export records
   downstream without confidentiality protection.  Second, a Mediator
   that acts as a proxy between an external (untrusted) network and an
   internal (trusted) network may export records without TLS when the
   additional overhead of TLS is unnecessary (e.g., on a physically
   protected network in the same locked equipment rack).

9.2.  Avoiding Security Level Upgrade

   There is a similar problem in the opposite direction: as an IPFIX
   Mediator's signature on a TLS session to a downstream Collecting
   Process acts as an implicit assertion of the trustworthiness of the
   data within the session, a poorly deployed IPFIX Mediator could be
   used to "legitimize" records derived from untrusted sources.
   Unprotected sessions from the Original Exporter are in the general
   case untrusted, because they could have been tampered with or forged
   by an unauthorized third party.  The concern here is that a Mediator
   could be used to add inappropriate trust to external information
   whose integrity cannot be guaranteed.

   An IPFIX Mediator may export signed IPFIX Messages containing records
   derived from records received without integrity protection via TLS
   when specific deployment requirements allow.  One such deployment
   consideration would be the reverse of the second case above: when the
   Mediator acts as a proxy between an internal (trusted) and an
   external (untrusted) network, and the path from the Original
   Exporter is protected using some other method so that the overhead of
   a TLS session is unnecessary.

   In such cases, the IPFIX Mediator should notify the downstream
   Collector about the missing protection of all or part of the original
   record stream as part of the Transport Session Information.

9.3.  Approximating End-to-End Assertions for IPFIX Mediators

   Because the Transport Session between an IPFIX Mediator and an
   Original Exporter is independent from the Transport Session between
   the Mediator and the downstream Collecting Process, there exists no
   method via TLS to assert the identity of the original Exporting
   Process downstream.  However, an IPFIX Mediator, which modifies the
   stream of IPFIX Messages sent to it, is by definition a trusted
   entity in the infrastructure.  Therefore, the IPFIX Mediator's
   signature on an outgoing Transport Session can be treated as an
   implicit assertion that the Original Exporter was positively
   identified by the Mediator and that the source information it
   received was trustworthy.  However, as noted in the previous section,
   IPFIX Mediators must in this circumstance take care not to provide an
   inappropriate upgrade of trust.

   If the X.509 certificates [RFC5280] used to protect a Transport
   Session between an Original Exporter and an IPFIX Mediator are
   required downstream, an IPFIX Mediator may export Transport Session
   Information including the exporterCertificate and the
   collectorCertificate Information Elements with the Export Session
   Details Options Template defined in Section 8.1.3 of [RFC5655] or the
   Message Details Options Template defined in Section 8.1.4 of
   [RFC5655] in order to export this information downstream.  However,
   in this case, the IPFIX Mediator is making an implicit assertion that
   the upstream session was properly protected and therefore
   trustworthy, or that the Mediator has otherwise been configured to
   trust the information from the Original Exporter, and as such must
   protect the Transport Session to the downstream Collector using TLS
   or DTLS as well.

9.4.  Multiple Tenancy

   Information from multiple sources may only be combined within a
   Mediator when that Mediator is applied for that specific purpose
   (e.g., spatial aggregation or concentration of records).  In all
   other cases, an IPFIX Mediator must provide for keeping traffic data
   from multiple sources separate.  Though the details of this are
   application-specific, this generally entails separating Transport
   Sessions within the Mediator, and associating them with information
   related to the source or purpose, e.g., network or hardware address
   range, virtual LAN tag, interface identifiers, and so on.

10.  IANA Considerations

   This document has no actions for IANA.

11.  References

11.1.  Normative References

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5476]  Claise, B., Quittek, J., and A. Johnson, "Packet Sampling
              (PSAMP) Protocol Specifications", RFC 5476, March 2009.

11.2.  Informative References

   [PSAMP-MIB]
              Dietz, T., Claise, B., and J. Quittek, "Definitions of
              Managed Objects for Packet Sampling",
              draft-ietf-ipfix-psamp-mib-01 (work in progress),
              July 2010.

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.

   [RFC3954]  Claise, B., "Cisco Systems NetFlow Services Export Version
              9", RFC 3954, October 2004.

   [RFC4347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security", RFC 4347, April 2006.

   [RFC4384]  Meyer, D., "BGP Communities for Data Collection",
              RFC 4384, February 2006.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

   [RFC5103]  Trammell, B. and E. Boschi, "Bidirectional Flow Export
              Using IP Flow Information Export (IPFIX)", RFC 5103,
              January 2008.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.

   [RFC5472]  Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IPFIX
              Applicability", RFC 5472, March 2009.

   [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
              in IP Flow Information Export (IPFIX) and Packet Sampling
              (PSAMP) Reports", RFC 5473, March 2009.

   [RFC5474]  Duffield, N., "A Framework for Packet Selection and
              Reporting", RFC 5474, March 2009.

   [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
              Raspall, "Sampling and Filtering Techniques for IP Packet
              Selection", RFC 5475, March 2009.

   [RFC5477]  Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
              Carle, "Information Model for Packet Sampling Exports",
              RFC 5477, March 2009.

   [RFC5481]  Morton, A. and B. Claise, "Packet Delay Variation
              Applicability Statement", RFC 5481, March 2009.

   [RFC5655]  Trammell, B., Boschi, E., Mark, L., Zseby, T., and A.
              Wagner, "An IPFIX-Based File Format", RFC 5655,
              October 2009.

   [RFC5815]  Dietz, T., Kobayashi, A., Claise, B., and G. Muenz,
              "Definitions of Managed Objects for IP Flow Information
              Export", RFC 5815, April 2010.

   [RFC5982]  Kobayashi, A. and B. Claise, "IPFIX Mediation: Problem
              Statement", RFC 5982, August 2010.

Appendix A.  Acknowledgements

   We would like to thank the following persons: Brian Trammell for his
   contributions to the improvement of the Terminology section and the
   Security Considerations section; Daisuke Matsubara, Tsuyoshi Kondoh,
   Hiroshi Kurakami, and Haruhiko Nishida for their contributions during
   the initial phases of the document; and Nevil Brownlee and Juergen
   Quittek for their technical reviews and feedback.

Authors' Addresses

   Atsushi Kobayashi
   NTT Information Sharing Platform Laboratories
   3-9-11 Midori-cho
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81-422-59-3978
   Email: akoba@nttv6.net


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   Diegem  1831
   Belgium

   Phone: +32 2 704 5622
   Email: bclaise@cisco.com


   Gerhard Muenz
   Technische Universitaet Muenchen
   Boltzmannstr. 3
   Garching  85748
   Germany

   Phone: +49 89 289-18008
   Email: muenz@net.in.tum.de
   URI:   http://www.net.in.tum.de/~muenz


   Keisuke Ishibashi
   NTT Information Sharing Platform Laboratories
   3-9-11 Midori-cho
   Musashino-shi  180-8585
   Japan

   Phone: +81-422-59-3978
   Email: ishibashi.keisuke@lab.ntt.co.jp